Information Security

Basics of the Information Security Sohrab MonfaredIT Instructor / Security Specialist@CentreICT

Technology

Information security aka. InfoSec
● Information security, sometimes shortened to InfoSec, is
the practice of Defending information from unauthorized
access, use, disclosure, disruption, modification,
perusal, inspection, recording or destruction.
It is a general term that can be used regardless of the form
the data may take (electronic, physical, etc.)

Defending? Defend from who?
● Competitor
– BMW vs Toyota
– P.R.C. vs U.S.A.
– Huawei vs CISCO
● Black Hat Hackers
– IT Specialists who are mostly hired by
Organized/Unorganized criminals.

Who is the target though?
● Governments
– Oh, you've got some economical plans? Let us have a look ;)
● Military
– New artillery shell? New machine gun?
● Corporations
– You've got some products? We(Attackers) may want to damage
it or maybe make a copy.
● Financial Institutions
– Mr.X is a rich guy, let's see how many “Franklins” he has in his
account.

Key Concepts of InfoSec
● CIA! not FBI, nor NSA!
– Confidentiality
– Integrity
● This means that data cannot be modified in an
unauthorized or undetected manner.
– Availability
● The system and the resources should works properly
and be available.

How to make it secure then?
No way, you can not ;)
In the best case, you can reduce the
damage and the causality of a data
breach.
But wait... I think I've got some hints for
that.

Logical vs Physical
First we decide it by logic, then we apply it by physic :D
Logical: Least Privileges
Do we really need to run the Firefox as administrator?
Physical: Separation of Duties
A web developer doesn't need the root password of the
server.

Who DID it?
● Who was wise and well
informed!
Defense In Depth
is the most effective
method of defense.

Access Control
● Access to protected information must be restricted to people
who are authorized to access the information.
● Access control is generally considered in three steps:
– Identification
● Who are you? Are you really Dean Davis?
– Authentication
● How can you prove that? Any driver's license?
– Authorization
● Okay Mr.Davis but wait...
You are a Programmer, not a Network Administrator!

Cryptography
● Information security uses cryptography to transform usable
information into a form that renders it unusable by anyone
other than an authorized user.
● What about Encryption? It was the exact definition of the
Encryption and for doing it, we use the Cryptography
techniques.
Hello → J$$$qpys (Encryption)
J$$$qpys → Hello (Decryption)

Almost done...
Thanks for your attention
(Questions are welcome)

Viewers also liked

Learning management system

Как заработать деньги на своем сайте?

Управление проектом и ИКТР Учебное пособие по ИКТ для Развития для Вузов

Jafar urunov

Программное обеспечение в государственных учреждениях

Информационная безопасность в аспекте веб-разработки

About ICT4D Journal Tajikistan

With each passing year, the security threats facing computer networks have become more technically sophisticated, better organized and harder to detect. At the same time, the consequences of failure to block these attacks have increased. In addition to the economic consequences of financial fraud, we are seeing real-world attacks that impact the reliability of critical infrastructure and national security. Join Lancope's Director of Security Research to learn about five key challenges that computer security professionals face in 2013, including: 1. State-sponsored espionage and sabotage of computer networks 2. Monster DDoS attacks 3. The loss of visibility and control created by IT consumerization and the cloud 4. The password debacle 5. Insider threats

Viewers also liked (7)

Learning management system

Как заработать деньги на своем сайте?

Управление проектом и ИКТР Учебное пособие по ИКТ для Развития для Вузов

Jafar urunov

Программное обеспечение в государственных учреждениях

Информационная безопасность в аспекте веб-разработки

About ICT4D Journal Tajikistan

Similar to Information Security

Mark Arena - Cyber Threat Intelligence #uisgcon9

UISGCON

Challenges2013

Lancope, Inc.

SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...

Varun Mithran

The significance of the 7 Colors of Information Security

learntransformation0

PBL Encryption project.pptx

XyzAnc

1. introduction to cyber security

Animesh Roy

Robust Software Solutions.pptx

Business Thrust Pte. Ltd. (BThrust)

Avoid These Top 15 IT Security Threats

JumpCloud

What every executive needs to know about information technology security

Legal Services National Technology Assistance Project (LSNTAP)

Blackhat 2014 Conference and Defcon 22

dandb-technology

Presentation 1.pptx

rabeetkashif

Top 25 SOC Analyst interview questions that You Should Know.pptx

Infosectrain3

Insider threats and countermeasures

KAMRAN KHALID

Intro to INFOSEC

Sean Whalen

Cyber security positions have considerably taken the top list in the job market. Candidates vying for elite positions in the field of cyber security certainly need a clear-cut and detailed guide to channeling their preparation for smooth career growth, beginning with getting a job. We have curated the top cyber security interview questions that will help candidates focus on the key areas. We have classified the regularly asked cyber security interview questions here, in this article into different levels starting from basic general questions to advanced technical ones. Before we move on to the top cyber security interview questions, it is critical to reflect on the vitality of cyber security in our modern times and how cyber security professionals are catering to the needs of securing a safe cyber ecosystem. The times we live in is defined by the digital transition, in which the internet, electronic devices, and computers have become an integral part of our daily life. Institutions that serve our daily needs, such as banks and hospitals, now rely on internet-connected equipment to give the best possible service. A portion of their data, such as financial and personal information, has become vulnerable to illegal access, posing serious risks. Intruders utilize this information to carry out immoral and criminal goals. Cyber-attacks have jeopardized the computer system and its arrangements, which has now become a global concern. To safeguard data from security breaches, a comprehensive cyber security policy is needed now more than ever. The rising frequency of cyber-attacks has compelled corporations and organizations working with national security and sensitive data to implement stringent security procedures and restrictions. Computers, mobile devices, servers, data, electronic systems, networks, and other systems connected to the internet must be protected from harmful attacks. Cybersecurity, which is a combination of the words "cyber" and "security," provides this protection. 'Cyber' imbibes the vast-ranging technology with systems, networks, programs, and data in the aforementioned procedure. The phrase "security" refers to the process of protecting data, networks, applications, and systems. In a nutshell, cyber security is a combination of principles and approaches that assist prevent unwanted access to data, networks, programs, and devices by meeting the security needs of technological resources (computer-based) and online databases.

Top Cyber Security Interview Questions and Answers 2022.pdf

Careerera

Edith Turuka: Cyber-Security, An Eye Opener to the Society

Hamisi Kibonde

Slides to the online event "Creating an effective cybersecurity strategy" by Berezha Security Group, where we debunked myths about cybersecurity and recommended some easy-to-use practical steps to build an effective cybersecurity strategy for your small business. Meeting plan: 1. Widespread misconceptions about the cybersecurity of small and medium-sized businesses. 2. 10 steps to combat cyber threats. How to protect business effectively within a limited budget? About the speakers -Vlad Styran, CISSP CISA, Co-founder & CEO, BSG Vlad is an internationally known cybersecurity expert with over 15+ years of experience in Penetration Testing, Social Engineering, and Security Awareness. He is a BSG Co-founder & CEO and responsible for business and cybersecurity strategies. He could help businesses with consulting services in software security, cybersecurity awareness, strategy, and investment. Also, he acts as a speaker, blogger, podcaster in his volunteer activities. - Andriy Varusha, CISSP, Co-founder & CSO, BSG Andriy is an experienced top manager in IT-audit, consulting, and IT project management by leading outsourcing teams in Ukraine, Poland, and the USA. He also is keen on building customer relationships within the US, UK, and Western Europe geographies. At BSG, he leads the BSG advisory practice and consults development teams in all aspects of cybersecurity. About BSG Berezha Security Group (BSG) is a Ukrainian consulting company focused on application security and penetration testing. Our job is to help companies in all aspects of cybersecurity. We complete more than 50 Penetration Testing and Application Security projects yearly to know the business security vulnerabilities across the verticals. We help our customers address their future security challenges: prevent data breaches and achieve compliance. Our contacts: hello@bsg.tech ; https://bsg.tech

Slides to the online event "Creating an effective cybersecurity strategy" by ...

Berezha Security Group

Physician Office Presentation

franbodh

Security.pptx

john6938

The Cloud Beckons, But is it Safe?

NTEN

Similar to Information Security (20)

Mark Arena - Cyber Threat Intelligence #uisgcon9

Challenges2013

SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...

The significance of the 7 Colors of Information Security

PBL Encryption project.pptx

1. introduction to cyber security

Robust Software Solutions.pptx

Avoid These Top 15 IT Security Threats

What every executive needs to know about information technology security

Blackhat 2014 Conference and Defcon 22

Presentation 1.pptx

Top 25 SOC Analyst interview questions that You Should Know.pptx

Insider threats and countermeasures

Intro to INFOSEC

Top Cyber Security Interview Questions and Answers 2022.pdf

Edith Turuka: Cyber-Security, An Eye Opener to the Society

Slides to the online event "Creating an effective cybersecurity strategy" by ...

Physician Office Presentation

Security.pptx

The Cloud Beckons, But is it Safe?

Recently uploaded

Join us as we dive into the latest updates to the UiPath Orchestrator API, including new limits and features for 2024. Discover how these changes can enhance your automation projects and streamline your workflows. 📚 Overview of UiPath Orchestrator API 🔧 Recent changes to API limits 🛠️ How to adapt to new limits 📋 Best practices for using the Orchestrator API efficiently ❓ Q&A session

Exploring UiPath Orchestrator API: updates and limits in 2024 🚀

DianaGray10

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

JMeter webinar - integration with InfluxDB and Grafana

RTTS

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

New customer? New industry? New cloud? New team? A lot to handle! How to ensure the success of the project? Start it well! I've created the 3 areas of focus at the beginning of the project that helped me in multiple roles (BA, PO, and Consultant). Learn from real-world experiences and discover how these insights can empower you to deliver unparalleled value to your customers right from the project's start.

Powerful Start- the Key to Project Success, Barbara Laskowska

Unlock the mysteries of successful Salesforce interviews in this insightful session hosted by Hugo Rosario (Salesforce Customer), a seasoned hiring manager that leads the Salesforce Department of multinational company with over 100 interviews under their belt. Step into the manager's chair and gain exclusive behind-the-scenes insights into what makes a Salesforce consultant stand out during the interview process. From deciphering the unspoken cues to mastering key strategies, we'll explore the intricacies of the interview process and provide practical tips for consultants looking to not only pass interviews but also thrive in their roles. Whether you're a seasoned professional or just starting your Salesforce journey, this session is your backstage pass to the secrets that hiring managers wish you knew.

Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Explore the core of Salesforce success in 'Salesforce Adoption – Metrics, Methods, and Motivation.' We will discuss essential metrics, effective methods to drive adoption, and the driving force behind user engagement and explore strategies for onboarding, training, and continuous support that empower users to navigate the platform seamlessly. By leveraging these tools, you can effectively measure adoption against your company’s goals and create an environment where users not only adopt Salesforce but actively contribute to its ongoing success.

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

This talk focuses on the practical aspects of integrating various telephony systems with Salesforce, drawing on examples from implementations in the Czech scene. It aims to inform attendees about the spectrum of telephony solutions available, from small to large scale, and their compatibility with Salesforce. The presentation will highlight key considerations for selecting a telephony provider that integrates smoothly with Salesforce, including important questions to support the decision-making process. It will also discuss methods for integrating existing telephony systems with Salesforce, aimed at companies contemplating or in the process of adopting this CRM platform. The discussion is designed to provide a straightforward overview of the steps and considerations involved in telephony and Salesforce integration, with an emphasis on functionality, compatibility, and the practical experiences of Czech companies.

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...

I'm excited to share my latest predictions on how AI, robotics, and other technological advancements will reshape industries in the coming years. The slides explore the exponential growth of computational power, the future of AI and robotics, and their profound impact on various sectors. Why this matters: The success of new products and investments hinges on precise timing and foresight into emerging categories. This deck equips founders, VCs, and industry leaders with insights to align future products with upcoming tech developments. These insights enhance the ability to forecast industry trends, improve market timing, and predict competitor actions. Highlights: ▪ Exponential Growth in Compute: How $1000 will soon buy the computational power of a human brain ▪ Scaling of AI Models: The journey towards beyond human-scale models and intelligent edge computing ▪ Transformative Technologies: From advanced robotics and brain interfaces to automated healthcare and beyond ▪ Future of Work: How automation will redefine jobs and economic structures by 2040 With so many predictions presented here, some will inevitably be wrong or mistimed, especially with potential external disruptions. For instance, a conflict in Taiwan could severely impact global semiconductor production, affecting compute costs and related advancements. Nonetheless, these slides are intended to guide intuition on future technological trends.

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Peter Udo Diehl

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.

Search and Society: Reimagining Information Access for Radical Futures

Bhaskar Mitra

Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)

Julian Hyde

Welcome to UiPath Test Automation using UiPath Test Suite series part 2. In this session, we will cover API test automation along with a web automation demo. Topics covered: Test Automation introduction API Example of API automation Web automation demonstration Speaker Pathrudu Chintakayala, Associate Technical Architect @Yash and UiPath MVP Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

UiPath Test Automation using UiPath Test Suite series, part 2

DianaGray10

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

How world-class product teams are winning in the AI era by CEO and Founder, P...

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...